Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could rende
The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can
Improper control of framework service permissions with possibility of some sensitive device information leakage.
Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS).
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validat
An unauthenticated remote attacker can access a URL which causes the device to reboot.
A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the d
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafte
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place.
This could allow an unauthenticated attacker to gain
A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could
A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet.
Page 1+ Next →